Bug 662325 (CVE-2010-3616)

Summary: CVE-2010-3616 dhcp: server hangs with TCP to failover peer port
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: jpopelka
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-06-10 10:57:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 662326
Bug Blocks:

Description Vincent Danen 2010-12-11 16:03:55 UTC
A flaw was found in ISC's dhcpd [1] where, if a server receives a TCP connection on a port that has been configured for communication with a failover peer, it would become unresponsive to all normal DHCP protocol traffic.  This will result in the server no longer providing DHCP services to clients until it is restarted.

This flaw only affects DHCP version 4.2 and is corrected in DHCP 4.2.0-P2 [2].  Previous versions of DHCP are not vulnerable.

Only current Fedora 14 and Rawhide ship dhcp-4.2.0 and are vulnerable to this issue.

[1] http://www.pubbs.net/201012/dhcp/9981-nagios-checktcp-kills-failover-then-dhcp-failure.html
[2] https://www.isc.org/software/dhcp/advisories/cve-2010-3616

Statement:

Not vulnerable.  This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
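The affected range stated above (only the 4.2 branch, fixed in 4.2.0-P2, earlier branches unaffected) is easy to get wrong when a fleet mixes plain and `-Pn` patch-level builds. The following is an added example, not part of this bug report or of ISC's or Red Hat's tooling: it parses the version string dhcpd prints (the `isc-dhcpd-<version>` banner format and the host names in the sample inventory are assumptions) and reports which hosts still run an affected build.

```python
import re

# Version parser for banners such as "isc-dhcpd-4.2.0-P1" (assumed banner
# format). Captures major.minor.patch and an optional "-P<n>" patch level.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?")

# From the advisory text: 4.2.0 and 4.2.0-P1 are affected; 4.2.0-P2 fixes it;
# nothing outside the 4.2 branch is affected.
FIXED_IN = (0, 2)  # (patch, P-level) within the 4.2 branch


def parse_dhcpd_version(banner: str) -> tuple[int, int, int, int]:
    """Return (major, minor, patch, plevel); plevel is 0 when no -P suffix."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no ISC dhcpd version found in {banner!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel) if plevel else 0)


def is_affected_by_cve_2010_3616(banner: str) -> bool:
    """True if the build is in the range the advisory calls vulnerable."""
    major, minor, patch, plevel = parse_dhcpd_version(banner)
    if (major, minor) != (4, 2):
        return False  # only the 4.2 branch ever had the failover-port hang
    return (patch, plevel) < FIXED_IN


def audit(inventory: dict[str, str]) -> dict[str, str]:
    """Map host -> 'affected' / 'not affected' / 'unknown' from its banner."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected_by_cve_2010_3616(banner) else "not affected"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (host names and banners are made up).
    sample = {
        "dhcp-a.example": "isc-dhcpd-4.2.0",
        "dhcp-b.example": "isc-dhcpd-4.2.0-P1",
        "dhcp-c.example": "isc-dhcpd-4.2.0-P2",
        "dhcp-d.example": "isc-dhcpd-4.1.1-P1",
        "dhcp-e.example": "no banner captured",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as affected are the ones the description says will stop serving leases after a stray TCP connection to the failover port, so until they are updated to 4.2.0-P2 or later the practical mitigation is to keep that port reachable only from the configured peer.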

Comment 1 Vincent Danen 2010-12-11 16:05:17 UTC
Created dhcp tracking bugs for this issue

Affects: fedora-14 [bug 662326]